• GeneralSolved
  • does grapheneos prevent sending metadata to whatsapp?

  • [deleted]

  • Edited

yourmother That's not possible. WhatsApp is garbage, and there is nothing that can be done about it. Only Meta can change that, but they won't because they make good money from your metadata.

You should be disappointed by WhatsApp and Meta and not by anything else.

  • [deleted]

  • Edited

yourmother GrapheneOS cannot, should not and will not somehow arbitrarily modify Whatsapp at runtime and send less metadata to Whatsapp servers, because Whatsapp servers will detect that as a malicious and may block the device from using Whatsapp.

I'm probably fooling myself with this setup, but to minimize the amount of data collection from Whatsapp, I do the following:

  • Remove all permissions from the app with the exception of Network, which for obvious reasons is needed for the app to work.
  • If I need to share, say an image, I remove the Exif data from it, I use the gallery app to share that image with Whatsapp instead of giving it access to Storage. I typically delete the modified image right after sharing it.
  • I run Whatsapp through a VPN (in my case Adguard) and enable a tracker blocking DNS within the VPN app

I know this will not block all trackers or will not limit all data collection within the app. Unfortunately for a number of my contacts, it's either that or using SMS. they won't move to alternatives like Signal etc. because they don't want another app on their phone....

    What are metadata ? They are the time, the sender, the receiver of a message for example. There is no way you can prevent any communication app from accessing that kind of data. Plus I suppose they collect data such as what kind of terminal you are using, ... So the best (if not only) way to avoid WhatsApp from getting metadata from you is not to use WhatsApp.

    a month later

    Max-Zorin I run Whatsapp through a VPN (in my case Adguard) and enable a tracker blocking DNS within the VPN app

    why? vpn does not preventing collecting private data.
    metadata like time, the sender, the receiver of a message etc are in the message. vpn can'nt block that.

      6 days later

      yourmother

      So Whatsapp / Meta doesn't know my real IP address as I'm assuming it collects that information. I have the VPN location in another city.

      I also use a burner phone number and not my main number for Whatsapp.

        • [deleted]

        • Edited

        Max-Zorin I also use a burner phone number and not my main number for Whatsapp.

        What's the point of using burner number with WhatsApp/Signal? Numbers are there to make it easier for others to find you (ostensibly). But even if you initiate every conversation, having some random number has to create some amount of cognitive burden for family/friends/colleagues. Unless you're using WhatsApp to participate in random groups outside of your circle of friends or something along those lines.

        WhatsApp already has your main number anyway.

        • [deleted]

        • Edited

        I use WhatsApp as my secondary messenger. Because pretty much everyone has it, it allows for E2EE messaging with anyone without pestering people to install yet another messenger so we can exchange some mundane information.

        I don't stress about metadata collection too much even though WhatsApp privacy notices remains pretty opaque.

        That said, if someone wants to have regular back-and-fourths with me, I will insist on moving to Signal. I find it's a good balance and I have yet to encounter any resistance.

        What really creeps me out is Telegram, not WhatsApp.

          [deleted] What really creeps me out is Telegram, not WhatsApp.

          I also don't like Telegram, because to have a fully encrypted conversation using opensource part of the messenger, you have to specifically initiate "Secret Chat". Which is OK, but inconvenient when you like to continue the same conversation on a desktop client...

            • [deleted]

            katemason As Moxie put it, Telegram app on your phone is just a "view" onto their servers, where the data actually lives.

            And as anyone who ever used it in the wild with 'regular' folks can attest, no one is using their Secret Chats. But to stay on topic, unlike WhatsApp which at least tries to put its metadata retention in semi-concrete terms involving time periods, Telegram privacy notice doesn't even make an attempt at that, basically saying they store what they store as long as it is necessary.

            Ever-present Durov rants, their silly 'No-SIM Signup' and other blockchain nonsense also do any inspire any confidence in its future.

            When it comes to E2EE messaging defaults matter as this study demonstrates. The amount of people I meet that insist on moving our conversation from WhatsApp to Telegram because 'it's more secure that way' is pretty amazing. Telegram's marketing has really done a number on a lot of people

            8 months later

            Hello, treequell
            I recently sent a product link to my friend who lives abroad to buy it for me. I didnt search for it anywhere. Soon as i opened insta, adflood began related to that product. I never searched for anything related to that product before. I used hardened brave to search for the link.

            5 months later

            Max-Zorin I haven't used WhatsApp for years but am currently thinking about a similar setup (because of people who refuse to install literally anything else), but what I am asking myself regarding the VPN: Is WhatsApp able to e.g. access the current radio cell my smartphone is logged in? Or is it able to scan all nearby WiFis? Because then the VPN would not be so helpful because they can always get your location from these sources.

              6 days later

              snafu

              That's a good question and I really can't answer it. Like I said in my original post, maybe I'm fooling myself on some things with my setup.

              I was hoping with the location permission denied to Whatsapp, even if I gave it Network permission somehow the location would not be included through WiFi scanning or Cell tower scanning. But to know that someone would need to understand the inner workings of GOS and Android.

                6 days later

                Max-Zorin Ok thanks. I installed WhatsApp now in a separate profile with VPN always on and gave it only network, contacts (no problem in the separate profile) and microphone for being able to send voice messages. Should be pretty ok. The only thing they probably still can steal is the timezone because I assume that this is publicly available to all apps and also cannot be changed on a per profile basis but only for the whole smartphone. This might not be relevant if you're always in the same timezone, but for me it would be a nice feature to fake this because I am switching more or less frequently.